2. There is also a pit I once encountered. I saw on WeChat SDK that token and ticket need to be cached in the server, and the validity period is 7200 seconds. I didn't think carefully when I wrote the code, so I also cached the generated signature. After reading the document carefully, I decided to regenerate the signature every time I opened the page. Token and ticket are still cached, but the timestamp is different, so the signature is different every time.
3. The fields participating in the signature include valid jsapi_ticket (see the WeChat JSSDK document for details), noncestr (a random string randomly generated by the developer), timestamp (the current timestamp generated by the developer) and url (the URL of the current webpage, excluding # and its subsequent parts).
4. Special attention: When using parameters to generate signatures, all the parameters to be signed should be sorted from small to large according to the ASCII code of the field name (dictionary order), and then the format of URL key-value pair (i.e. key1= value1&; Key 2 = value 2 ...) to the string string 1. It should be noted here that all parameter names are lowercase characters.
5. Confirm that the non centr in config and timestamp (hump standard capital S in JS) is consistent with the corresponding noncentr and timestamp in the signature.
6. Confirm that the url is the complete url of the page (please confirm it in the current page alert (location.href.split ('#') [0]), including' http(s)://' and'?'. . Gets the following parameter part, but does not include the part after the "#" hash. Because once the page is shared, the WeChat client will add other parameters at the end of your link. If the current link is not obtained dynamically, the signing of the shared page will fail.